<PAGE>
	<INCLUDE file="inc/header.tmpl" />

	<VAR match="VAR_SEL_STARTED" replace="selected" />
	<VAR match="VAR_SEL_VPNCSCRIPT" replace="selected" />
	<PARSE file="menu1.xml" />
	<PARSE file="menu2-started.xml" />

	<INCLUDE file="inc/content.tmpl" />

<h1>Install a <tt>vpnc-script</tt>.</h1>

<p>OpenConnect just handles the communication with the VPN server; it does
not know how to configure the network routing and name service on all the
various operating systems that it runs on.</p>

<p>To set the routing and name service up, it uses an external script
which is usually called <tt>vpnc-script</tt>. It's exactly the same script that
<a href="https://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a> uses.
You may already have a <tt>vpnc-script</tt> installed on your system,
perhaps in a location such as <tt>/etc/vpnc/vpnc-script</tt>.</p>

<p>If you don't already have it, you can get a current version from <a
href="https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script">here</a>.
Even if you already have a copy from vpnc, you may wish to install this updated
version which has support for IPv6, and for running on Solaris and on newer Linux
kernels amongst other bug fixes.</p>

<p>Note that the script needs to be executable, and stored somewhere
where SELinux or similar security systems won't prevent the root user
from accessing it.</p>

<p>Current versions of OpenConnect <i>(since version 3.17)</i> are configured
with the location of the script at build time, and will use the script
automatically. If you are using a packaged build of OpenConnect rather than
building it yourself, then the OpenConnect package should have a dependency
on a suitable version of <tt>vpnc-script</tt> and should be built to look in
the right place for it. Hopefully your distributions gets that right.</p>

<p>If you're using an older version of OpenConnect, or if you want to use
a script other than the one that OpenConnect was configured to use, you
can use the <tt>--script</tt> argument on the command line. For example:
 <ul><li><tt>openconnect --script /etc/vpnc/vpnc-script https://vpn.example.com/</tt></li></ul></p>

<p>If OpenConnect is invoked without a suitable script, it will not be able
to configure the routing or name service for the VPN.</p>

<h1>Windows</h1>

<p>On Windows, the default configuration of OpenConnect will look for
a script named <tt>vpnc-script-win.js</tt> in the same directory as the
<tt>openconnect.exe</tt> executable, and will execute it with the
<a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cscript">command-based
script host (<tt>CScript.exe</tt>)</a>.</p>

<p>The current version of this script can be found <a
href="https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script-win.js">here</a>.</p>

<p>Note that although the script is basically functional for
configuring both IPv6 and Legacy IP, it does not fully tear down the
configuration on exit so stale IP address might be left around on the
interface.</p>

	<INCLUDE file="inc/footer.tmpl" />
</PAGE>
